whatis


introduction to ethical hacking 
motivation, required skillset 
resources to get you started 
Q&A 


ethical hacking 


hacker - originally, someone who makes furniture with an axe 
otherwise, hacking is quite a positive word 
o although not in media and specific countries 
red teaming and blue teaming 
pentesting 


motivation 


challenge one’s abilities 
learn new area in IT - it_skill++ 
potential main source of income 
o bug bounty, pentesting, internal security expert 


emerging market for cyber security
o increase from $3.5B in 2004 to $115B in 2018


motivation [H1 report 2018]


learn tips and techniques 

be challenged 

have fun 

make money 

advance one’s career 

do good in the world & help others 
protect and defend 

show off 


src: https://ma.hacker.one/rs/168-NAU-732/images/the-2018-hacker-report.pdf


skillset


learn how to program. 

get one of the open-source Unixes and learn to use and run it. 
learn how to use the World Wide Web and write HTML. 

if you don't have functional English, learn it. 

try harder / never give up mindset. 


src: http://www.catb.org/esr/faqs/hacker-howto.html#basic_skills


attitude 


the world is full of fascinating problems waiting to be solved. 
no problem should ever have to be solved twice. 

boredom and drudgery are evil. 

freedom is good. 

attitude is no substitute for competence. 


src: http://www.catb.org/esr/faqs/hacker-howto.html#attitude


resources to learn from


vulnerable web apps 

online platforms for security education 
ctfs 

written content online - articles, blogs, ... 
books 

podcasts 

conferences 

+ bug bounty 

+ tools 


vulnerable web apps


OWASP - curated list of web applications available
o https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project
both online & offline + ISOs


[...] list of vulnerable web applications available to security professionals for 
hacking and offensive activities, so that they can attack realistic web 
environments... without going to jail :) 


web apps - online platforms 


Hack The Box - machines & challenges 

o https://www.hackthebox.eu/invite - test to get invite code to HTB 
Avatao - e.g. CrySys 2019 

o https://platform.avatao.com/discover/paths
Over The Wire - online wargames (Bandit, Natas, ...)

o https://overthewire.org/wargames/ 


OWASP Juice Shop / DVWA / bWAPP


o available via link on previous slide 


owasp juice shop


Name: Description

Order the Christmas special offer of 2014
Use a deprecated B2B interface that was not properly shut down
Get rid of all 5-star customer feedback
Log in with the administrator's user account
Log in with MC SafeSearch's original user credentials without applying SQL Injection or any other
sword Strength: Log in with the administrator's user credentials without previously changing them or applying SQL Injection
Security Policy: Behave like any "white-hat" sho
Weird Crypto: Inform the shop about an algorithm or library it should definitely not use the way it does


dvwa


menu: File Inclusion, SQL Injection, SQL Injection (Blind), Upload, XSS reflected, XSS stored, DVWA Security, PHP Info, About, Logout


Welcome to Damn Vulnerable Web App! 


Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals 
are to be an aid for security professionals to test their skills and tools in a legal environment, help web 
developers better understand the processes of securing web applications and aid teachers/students to 
teach/learn web application security in a class room environment.


WARNING! 


Damn Vulnerable Web App is damn vulnerable! Do not upload it to your hosting provider's public html folder or 
any internet facing web server as it will be compromised. We recommend downloading and installing XAMPP
onto a local machine inside your LAN which is used solely for testing. 


Disclaimer 


We do not take responsibility for the way in which any one uses this application. We have made the purposes of 
the application clear and it should not be used maliciously. We have given warnings and taken measures to 
prevent users from installing DVWA on to live web servers. If your web server is compromised via an installation 
of DVWA it is not our responsibility it is the responsibility of the person/s who uploaded and installed it. 


General Instructions 


The help button allows you to view hints/tips for each vulnerability and for each security level on their respective
page. 


bwapp


bWAPP, or a buggy web application, is a free and open source deliberately insecure web application 

It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. 
bWAPP covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project! 
It is for educational purposes only 


other online materials


Hacker news - https://news.ycombinator.com/ 


o news curated by community - top posts are most relevant


Hacksplaining - https://www.hacksplaining.com/ 


o security training for developers 


VulnHub - https://www.vulnhub.com/ 
o provides materials that allow anyone to gain practical ‘hands-on’ experience in security


Live overflow - https://liveoverflow.com/ 


o place to learn about topics such as buffer/heap overflows, reverse engineering, vulnerability 
analysis, debugging, fuzzing and generally hacking 


Smash the stack - http://smashthestack.org/ 


o wargaming network


ctfs


Capture The Flag


competition for security professionals and students / enthusiasts 
https://ctftime.org/ - aggregator for CTFs 

goal: test one’s skills in a series of challenges 

typically have time constraint (weekend) 

a lot of them have a reward - either reputation or money


use case - PicoCTF


PicoCTF - https://2018game.picoctf.com/ 


o PICOCTF IS A FREE COMPUTER SECURITY GAME TARGETED AT MIDDLE AND HIGH SCHOOL STUDENTS. THE GAME CONSISTS OF A
SERIES OF CHALLENGES CENTERED AROUND A UNIQUE STORYLINE WHERE PARTICIPANTS MUST REVERSE ENGINEER, BREAK,
HACK, DECRYPT, OR DO WHATEVER IT TAKES TO SOLVE THE CHALLENGE


Forensics Warmup 1 - Points: 50 - (Solves: 18601) Forensics - Unsolved
o Can you unzip this file for me and retrieve the flag?
Forensics Warmup 2 - Points: 50 - (Solves: 17598) Forensics - Unsolved
o Hmm for some reason I can't open this PNG? Any ideas?
General Warmup 1 - Points: 50 - (Solves: 23273) General Skills - Unsolved


use case - 35C3 Junior


35c3 Junior CTF - https://junior.35c3ctf.ccc.ac/


o Some of them are working - mainly to see the concept of CTF 


[screenshot: 35C3 Junior CTF challenge board; categories include Crypto, Misc, Pwn, Web; challenge "blind" (Solves: 57, Difficulty estimate: Medium); other challenges listed: collider, DB Secret]


use case - Czech CTF example


The Catch - https://www.thecatch.cz/
o 1-4 members
o Czech round in Prague, finals in Japan


CTFs at/for conferences
o https://konferencesecurity.cz/
o https://2019.prague.wordcamp.org/ctf/
o Catch The Qubit for https://qubitconference.com/


use case - Slovak CTF example 


Guardians 2019 - https://wargame.sk/ 


only for individuals - no teams 


storyline - elections: compromised security 
o prevent data leak that could harm candidates


online written resources


OWASP Top Ten Project 
o https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
write-ups from disclosed bug bounties
awesome-bug-bounty, awesome-security and awesome-pentest lists
o e.g. https://github.com/djadmin/awesome-bug-bounty
write-ups of past CTFs
+ written/video write-ups on retired Hack The Box machines
o Valentine - https://www.youtube.com/watch?v=XYXNvemqgJUo


books


the web application hacker's handbook: finding and exploiting security flaws 
o 2nd edition [Dafydd Stuttard, Marcus Pinto] 


OWASP testing guide v4 
o free, https://www.owasp.org/index.php/OWASP_Testing_Project
the hacker playbook 3: practical guide to penetration testing [Peter Kim] 


hacking: the art of exploitation [Jon Erickson] 
web hacking 101 [Peter Yaworski] - bug bounties


podcasts


hackable - https://hackablepodcast.com/


o view on security from consumer point of view, recommended for beginners 


unsupervised learning - https://danielmiessler.com/podcast/
o content curation as a service 
o ~30 minute overview of news in security, technology and humans 
o senior IT Security researcher 
o creator and leader of the OWASP IoT security project & SecLists project


others


Pentester Land - https://pentester.land/ 


o really nice resource with news, cheatsheets, conference news etc. 


Zero Daily - https://www.hackerone.com/zerodaily 
o Hacking, AppSec, and Bug Bounty newsletter 


The Secure Developer 


o https://www.heavybit.com/library/podcasts/the-secure-developer/ 
o podcast about security for developers, covering tools and best practices


certifications


OSCP, OSCE by offensive security 

CEH - certified ethical hacker 

CISSP, Security+ 

.. + a lot more 

not needed if starting with security/bug bounty 
mainly a formal requirement in job descriptions


conferences


OWASP Local Chapters 
DEFCON & BlackHat - largest ones, LV, US (+ onsite/online CTF) 
Chaos Communication Congress - every year, DE (+ onsite/online CTF) 
Security Session - Brno, CZ (+ onsite CTF) 
Def Camp - important sec conference in CEE, RO (+ onsite CTF) 
Hacktivity - Budapest, HU 
nearly all of them publish talks & materials online 

o e.g. https://media.ccc.de/ and others


bug bounty


break software & get paid in the process 

earn $ and reputation 

everyone can start, just register at a bug bounty platform 
o https://www.hackerone.com/start-hacking 

start with public programs, then get invites into private ones 
o or use https://ctf.hacker101.com/


bug bounty platforms


hackerone 

o https://hackerone.com/bug-bounty-programs 
bugcrowd 

o https://bugcrowd.com/programs
hacktrophy [SK] 

bountysource 

.. plus private programs 


o facebook 
o google


tools used by security experts


OWASP ZAP - active scanner + proxy 

burp suite - proxy 

firefox - web browser 

nmap - network scanner 

wireshark - network traffic analyzer 

hydra - bruteforce password cracker 

sqlmap - SQL Injection checker 

gobuster/dirb - enumerate endpoints 

nikto - web application scanner 

SPARTA - GUI application to simplify network penetration testing 
binwalk - analysis of a resource (img/zip) to see resources within


tips and hints


find a team you can work with 
challenge yourself 
try harder attitude 
.. add your own in 


q&a